3381 matches found
VulnCheck KEV: CVE-2025-26399
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...
MiracleLinux 7 : gimp-2.8.16-3.el7, gimp-help-2.8.2-1.el7 (AXSA:2016-1136:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-1136:01 advisory. gimp GIMP GNU Image Manipulation Program is a powerful image composition and editing program, which can be extremely useful for creating logos and other...
CVE-2021-47776
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
GHSA-H66J-XM43-47PP Umbraco CMS contains a server-side request forgery vulnerability
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
Umbraco CMS contains a server-side request forgery vulnerability
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
CVE-2021-47776
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
CVE-2021-47776 Umbraco v8.14.1 - 'baseUrl' SSRF
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
CVE-2021-47776
Umbraco CMS v8.14.1 is affected by a server-side request forgery due to improper validation of the baseUrl parameter in dashboard and help endpoints. The vulnerability enables an attacker to force the server to perform unauthorized requests to external hosts via the GetContextHelpForPage, GetRemo...
EUVD-2026-2753
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
PT-2026-3051
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
MiracleLinux 4 : eclipse-3.6.1-6.13.AXS4 (AXSA:2011-432:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-432:01 advisory. The Eclipse platform is designed for building integrated development environments IDEs, server-side applications, desktop applications, and everything in...
CVE-2022-50919
Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like --help; curl .py | python to execute remote code without...
CVE-2022-50919 Tdarr 2.00.15 - Command Injection
Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like --help; curl .py | python to execute remote code without...
CVE-2022-50919
Tdarr 2.00.15 has an unauthenticated remote code execution vulnerability in the Help terminal caused by insufficient input filtering, enabling command chaining (example: --help; curl .py | python) without authentication. Public exploit exists (Exploit-DB: 50822). CVSS metrics indicate high impact...
CVE-2022-50919 Tdarr 2.00.15 - Command Injection
Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like --help; curl .py | python to execute remote code without...
Tdarr 操作系统命令注入漏洞
Tdarr is a multimedia transcoding automation platform from Tdarr Inc. Tdarr version 2.00.15 suffers from an operating system command injection vulnerability that stems from unauthenticated remote code execution in the Help endpoint, which could lead an attacker to inject and link arbitrary comman...
PT-2026-2395
Name of the Vulnerable Software and Affected Versions Tdarr version 2.00.15 Description The software contains an unauthenticated remote code execution issue in its Help terminal. An attacker can inject and chain arbitrary commands due to a lack of input filtering. Specifically, an attacker can us...
CVE-2005-1674
Cross-Site Request Forgery CSRF vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php...
CVE-2009-4047
Multiple cross-site scripting XSS vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to area.php; the 2 pagina, 3 sentido, 4 qregistros, and 5 orden parameters to area.php; 6 the qregistros parameter to solicdisplay.php; 7 the...
CVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...